AverageSecurityGuy

Security, Programming, Pentesting

5 July 2012

Low Hanging Fruit

by averagesecurityguy

When I do internal penetration tests, I often find the same easily exploitable vulnerabilities lying around the network. My personal favorites are MS08-067 (yes, I still see it), Apache Tomcat default credentials, open network shares, and web management interfaces with default or no credentials. My typical workflow involves running a Nessus scan and then checking for these common vulnerabilities before moving on to other vulnerabilities identified by Nessus. I decided to write a Python script to automate this task for me. lhf.py takes a single Nessus v2 XML file and prints a summary HTML file with all of the low hanging fruit found in the Nessus file. Currently, lhf.py checks for the following:

lhf.py is available on GitHub.
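The sketch below is an added example of the triage step described above, not lhf.py's own code: it walks a Nessus v2 file, groups matching findings by host and port, and renders an HTML summary. The keyword sets in `CHECKS` and the embedded sample report are assumptions made for illustration.

```python
import html
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumed keyword sets based on the findings named in the post (not lhf.py's list).
CHECKS = {
    "MS08-067": ("ms08-067",),
    "Tomcat default credentials": ("tomcat", "credentials"),
    "Open network shares": ("shares", "access"),
    "Default web credentials": ("default", "credentials"),
}

# Constructed sample in the Nessus v2 layout (hosts and findings are made up).
SAMPLE = """<NessusClientData_v2><Report name="internal">
<ReportHost name="10.0.0.5">
<ReportItem port="445" protocol="tcp" severity="4" pluginName="MS08-067: Windows Server Service RPC Handling"/>
<ReportItem port="445" protocol="tcp" severity="3" pluginName="Microsoft Windows SMB Shares Unprivileged Access"/>
</ReportHost>
<ReportHost name="10.0.0.9">
<ReportItem port="8080" protocol="tcp" severity="4" pluginName="Apache Tomcat Manager Common Administrative Credentials"/>
<ReportItem port="22" protocol="tcp" severity="0" pluginName="SSH Server Type and Version Information"/>
</ReportHost>
</Report></NessusClientData_v2>"""

def classify(plugin_name):
    """Return the first check label whose keywords all appear in the name."""
    name = plugin_name.lower()
    for label, words in CHECKS.items():
        if all(w in name for w in words):
            return label
    return None

def low_hanging_fruit(xml_text):
    """Map each check label to a sorted list of (host, port) pairs."""
    found = defaultdict(set)
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            label = classify(item.get("pluginName", ""))
            if label:
                found[label].add((host.get("name"), int(item.get("port", 0))))
    return {label: sorted(hits) for label, hits in found.items()}

def to_html(findings):
    """Render the summary as HTML, escaping values taken from the scan file."""
    rows = "".join(
        f"<h2>{html.escape(label)}</h2><ul>"
        + "".join(f"<li>{html.escape(h)}:{p}</li>" for h, p in hits) + "</ul>"
        for label, hits in findings.items())
    return f"<html><body>{rows}</body></html>"
```

Host names and plugin text come from the scanned network, so the HTML output escapes them before writing the report.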

tags: Nessus - penetration testing - Pentesting - python